ThreatPress

WordPress Vulnerability Database

WordPress Secure File Manager plugin <= 2.5 - Authenticated Remote Command Execution (RCE) vulnerability

Product
Secure File Manager
Description
An authenticated Remote Command Execution (RCE) vulnerability was found by NinTechNet in the WordPress Secure File Manager plugin (versions <= 2.5).
Solution
The plugin has been removed from the wordpress.org plugin repository. We highly recommend deleting this plugin from your WordPress sites. The wordpress.org notice reads: "This plugin has been closed as of September 8, 2020 and is not available for download. Reason: Security Issue."
Classification
Type: Arbitrary Code Execution
OWASP Top 10: A1: Injection
References
Plugin changelog
CVE
Name: CVE-N/A
Versions
Affected In: <= 2.5
Fixed In: 2.6
Disclosure date
2020-11-23
Credits
NinTechNet